Mesa (staging/21.2): panfrost: Fix NULL dereference in allowlist code
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Aug 26 17:06:52 UTC 2021
Module: Mesa
Branch: staging/21.2
Commit: ece6458c04e4e2a536afd468a4795b63aff67adc
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=ece6458c04e4e2a536afd468a4795b63aff67adc
Author: Alyssa Rosenzweig <alyssa at collabora.com>
Date: Mon Aug 23 20:18:25 2021 -0400
panfrost: Fix NULL dereference in allowlist code
If a user attempts to run Panfrost on an unsupported GPU (e.g. Mali
T604), Panfrost will refuse to load and will destroy the screen
immediately, allowing for a graceful fallback to a software rasterizer.
However, the screen destroy code calls a screen_destroy function in the
GenXML vtbl -- and this function is still NULL when the allowlist is
checked. This manifests as crashes on unsuported GPUs.
Issue tracked down with Icecream95's mad Ghidra skills.
Closes: #5269
Fixes: 88dc4db6be7 ("panfrost: Init/destroy blitter from per-gen file")
Signed-off-by: Alyssa Rosenzweig <alyssa at collabora.com>
Reported-by: Icecream95 <ixn at disroot.org>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/12512>
(cherry picked from commit 2d31d469f771b5ef617c88b8b50dff97288284fe)
---
.pick_status.json | 2 +-
src/gallium/drivers/panfrost/pan_screen.c | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.pick_status.json b/.pick_status.json
index ed12d455ef7..3f388f93627 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -238,7 +238,7 @@
"description": "panfrost: Fix NULL dereference in allowlist code",
"nominated": true,
"nomination_type": 1,
- "resolution": 0,
+ "resolution": 1,
"main_sha": null,
"because_sha": "88dc4db6be7e21dee525ce1dd4e411664ebc33d6"
},
diff --git a/src/gallium/drivers/panfrost/pan_screen.c b/src/gallium/drivers/panfrost/pan_screen.c
index 6df27b4cdd5..432351ba72d 100644
--- a/src/gallium/drivers/panfrost/pan_screen.c
+++ b/src/gallium/drivers/panfrost/pan_screen.c
@@ -701,7 +701,8 @@ panfrost_destroy_screen(struct pipe_screen *pscreen)
panfrost_pool_cleanup(&screen->blitter.desc_pool);
pan_blend_shaders_cleanup(dev);
- screen->vtbl.screen_destroy(pscreen);
+ if (screen->vtbl.screen_destroy)
+ screen->vtbl.screen_destroy(pscreen);
if (dev->ro)
dev->ro->destroy(dev->ro);
More information about the mesa-commit
mailing list